In May this year, HackRead reported how the Israeli company Unimania was caught collecting personal, Facebook and browsing data of users through Android apps and Chrome extensions. Now, researchers have discovered another “spyware” campaign aimed at stealing users' personal data, and this time it is far bigger than the one previously reported.
Ad-blockers and security software are widely used to prevent unauthorized online monitoring, but according to researchers at AdGuard, many Chrome and Firefox extensions and smartphone apps collect private user data using shady techniques.
For example, the iOS apps ask the user to install a Mobile Device Management tool that lets the app fully control the device, access data and intercept traffic. The tactics employed by these apps and extensions are commonly seen in apps containing malware.
According to Andrey Meshkov, co-founder of AdGuard, some iOS and Android users, as well as those who have installed certain Google Chrome and Mozilla browser extensions, are being snooped on, and it is quite worrying that these apps and browser extensions have already been downloaded over 11m times. The stolen information is sent to servers operated by the developers of these extensions and apps.
AdGuard researchers have also identified that these extensions and mobile apps are operated by a single company called Big Star Labs, which was incorporated in 2017. It has developed popular apps such as Battery Saver, Speed Booster, and Clean Droid, while its popular extensions include Block Site and Proper Blocker. The findings of their research were published on Tuesday.
Meshkov noted that the privacy policies of all the Android apps are identical and all mention Big Star Labs’ name. The policies are somewhat misleading because they are published as images rather than as text, as the majority of policies are. This makes it difficult for search engines to index these apps. Earlier versions of the apps do not contain tracking code, while later versions contain highly obfuscated code that can transfer users' browsing histories.
“Big Star Labs is pretty good at hiding their affiliated apps and websites. Every document that contains the company name is an image (in other words, you cannot simply Google their name), they use different accounts in extension stores, and the domain owners aren’t publicized,” explains Meshkov.
Furthermore, the malicious Android apps and Chrome extensions were not available on the official Chrome Web Store or Google Play Store, although according to AdGuard the BlockSite Android app was available for download on Google Play. Interestingly, the iOS extension AdblockPrime can be downloaded directly from adblockprime[.]com via the Safari browser, and there is no evidence that this app was ever featured on Apple’s App Store.
A full list of suspicious apps and extensions:
Adblock Prime – an ad blocker app for iOS users. Its exact number of installations is unclear since Apple does not share the total number of app users.
Several popular Android utilities:
Speed BOOSTER – an Android app with 5,000,000+ installs.
Battery Saver – an Android app with 1,000,000+ installs.
AppLock | Privacy Protector – an Android app with 500,000+ installs.
Clean Droid – an Android app with 500,000+ installs.
Chrome extension with 410,000+ users.
The most concerning part is that these apps and extensions are capable of collecting highly personal data, including complete browsing history, yet nothing about that is mentioned in their privacy policies. The policies only claim to collect anonymized, non-personal user information. According to AdGuard, this practice violates the policies of all app and extension stores, but despite that, these apps and extensions are available for download on reliable platforms.